TRENDS ON THE DEVELOPMENT OF INFORMATION SECURITY

ТЕНДЕНЦИИ В РАЗВИТИИ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ

Леонтьев Александр Сергеевич

студент, кафедра "Измерительные и вычислительные комплексы", Ульяновский государственный технический университет,

РФ, г. Ульяновск

Корухова Людмила Владимировна

научный руководитель, канд. фил. наук, доц., Ульяновский государственный технический университет,

РФ, г. Ульяновск

ABSTRACT

This article examines current trends in the field of information security and possible ways to develop this area in the future. We are exploring what new types of infrastructures have appeared recently, what vulnerabilities have appeared in new technologies and how they will be protected in the future. We are discussing how information security will develop in the future.

АННОТАЦИЯ

В этой статье рассматриваются современные тенденции в информационной безопасности и возможные пути развития этого направления в будущем. Мы исследуем, какие новые типы инфраструктур появились за последнее время, какие уязвимости появились в новых технологиях и как их будут защищать в будущем. Мы обсуждаем как будет развиваться информационная безопасность в будущем.

Keywords: information security; information; trend.

Ключевые слова: информационная безопасность; информация; тенденция.

Now we are surrounded by technology: smartphones, computers, laptops. Even such simple things as a kettle or a light switch have become "smart" and gained access to the so-called «Internet of things».

In addition to the obvious advantages of such digitalization, a new type of threat has appeared. All digital gadgets are vulnerable to cyber-attacks at any stage of the structure. Attackers can gain access to our devices through operating system vulnerabilities, application vulnerabilities, network connection vulnerabilities, and many other vulnerabilities.

However, with the growing threat of cyber-attacks, cybersecurity has also developed. Next, the most progressive trends in the field of information security, which are already beginning to be implemented, will be considered.

The concept of Zero Trust is based on the principle of distrust of users, devices and networks. Before granting access to applications, databases and other resources of the organization, the system automatically authenticates and authorizes users, and also regularly checks the authorization status of each user during operation. The implementation of the Zero Trust architecture reduces the risk of unauthorized access and horizontal movement within the network. An effective zero-trust strategy ensures that inspections are carried out quickly, and working in the background does not reduce employee productivity.

Cloud security is becoming more relevant as more and more companies move their data and processes to the cloud. This aspect of information security includes protecting data privacy in network infrastructure, online applications and platforms. Security must be provided by both organizations and cloud service providers. Cybersecurity measures such as encryption, access control, and event monitoring must be implemented. Users must set up security, use services securely, and protect end-user devices and networks.

DevSecOps is a method of integrating cybersecurity principles into the software development and use process. By providing security at the initial stages, companies can detect and fix vulnerabilities early in the development cycle, reducing the likelihood of breaches and malicious attacks. An important aspect of the DevSecOps approach is the close collaboration between the development, operations and information security teams. Previously, vulnerability testing was carried out after the completion of the process, that is, when testing the finished product, however, due to the wide range of threats and challenges, it became advisable to use secure development tools at the earliest stages of the project.

In the field of cybersecurity, the possibility of completely abandoning traditional passwords, which are considered outdated, in favor of modern and more secure password-free access has been discussed for a long time. Biometric data has a number of advantages and is the most common authentication method, as users have long used fingerprint scanning and facial recognition on their household devices. Biometrics also provides better protection against attacks and fraud compared to one-time access codes sent by SMS or email.

Proactive security is an approach to the protection of information systems, which is based on forecasting and preventing potential threats, and not only on responding to emerging incidents. It includes the analysis of user behavior, systems and networks, the identification of anomalies and potential threats, as well as the application of preventive measures to eliminate vulnerabilities and reduce risks.

Proactive security uses a variety of methods and tools such as intrusion detection systems, intrusion prevention systems, behavioral analysis, network traffic monitoring, and regular software and security policy updates. This allows organizations to be prepared for possible attacks and minimize damage from them.

The introduction of the Internet of Things continues, and at the same time the problem of lack of proper security in embedded devices is growing. In the future, regulators are expected to increase their control, especially due to the growing threat of artificial intelligence and the search for new ways of attacks by attackers.

The prospects for regulation of connected devices will change as more comprehensive structures are developed by governments and regulators to address the challenges associated with the increased use and development of connected devices, as well as the increasing sophistication of attackers.

Advanced employee training. Even in the modern world, man remains the weakest link in information security. Mistakes, low information literacy and social engineering make people vulnerable to cyber-attacks. Social engineering uses psychological manipulation and methods of influencing emotions, forcing people to transmit important information or perform actions that lead to hacking. Thus, now there is a need for advanced employee training, many companies conduct trainings, meetings and regularly remind employees how not to become a victim of hackers. Also, with the development of artificial intelligence, it has become possible to produce personalized

Список литературы:

1. Барей Н.С, Величко А.С Тенденции кибербезопасности в современной России [Электронный ресурс] // CyberLenika : сайт – URL: https://cyberleninka.ru/article/n/tendentsii-kiberbezopasnosti-v-sovremennoy-rossii/viewer (дата обращения: 27.05.2024).
2. Головко Н. Прогноз развития киберугроз и средств защиты информации – 2024 [Электронный ресурс] // Anti-Malware: сайт – URL: https://www.anti-malware.ru/analytics/Threats_Analysis/2024-Forecast (Дата обращения: 27.05.2024).
3. Десять основных трендов кибербезопасности [Электронный ресурс] // Kaspersky: сайт – URL: https://www.kaspersky.ru/resource-center/preemptive-safety/cyber-security-trends (Дата обращения: 27.05.2024).